通过Net_SSH2连接到ssh时允许使用SUDO
[英]Allow the use of SUDO when connecting to ssh through Net_SSH2
问题描述
I have a problem doing Sudo command through SSH when connecting from php, but not connection from regular terminal 
从php连接时通过SSH执行Sudo命令时遇到问题,但从常规终端无法连接
if i'm connecting on SSH to an AWS machine with Net_SSH2 如果我要使用Net_SSH2通过SSH连接到AWS机器
$ssh = new Net_SSH2($instanceIp);
if ( ! $ssh->login('ec2-user', $key)) {
$logger->error('Login Failed');
}
I'll get this error: sudo: sorry, you must have a tty to run sudo 我将收到此错误:sudo:对不起,您必须有一个tty才能运行sudo
If I'm connecting directly from terminal ssh -i ~/Path/to-file-key.pem ec2-user@111.111.11.111 So I can run any sudo command without problems. 如果我直接从终端ssh -i〜/ Path / to-file-key.pem连接,则ec2-user@111.111.11.111因此,我可以毫无问题地运行任何sudo命令。
I don't want to remove from /etc/sudoers (I don't want to have something to do on the server, I want it to be done by the connection) 我不想从/ etc / sudoers中删除(我不想在服务器上做任何事情,我希望通过连接来完成)
Defaults requiretty
Is there a way to do it without that ? 有没有办法做到这一点?
Thanks for your help 谢谢你的帮助
2 个解决方案
解决方案1
0 2015-07-02 09:39:12
If i may quote this article, 如果我可以引用这篇文章,
Red Hat systems (RHEL, Fedora...) have been known to require a TTY in default sudoers file.
Red Hat have acknowledged the problem and it will be removed in future releases.
Therefore, it's safe to remove the "requiretty", that way you won't have a problem to execute sudo commands via SSH. 因此,删除“ requiretty”是安全的,这样您就可以通过SSH执行sudo命令了。
You may also try running ssh with the -t option(the repercussions of which you can find in the aforementioned article), it forces pseudo-tty allocation, so it might work. 您也可以尝试使用-t选项运行ssh(可以在前面的文章中找到其影响),它会强制伪tty分配,因此它可能会起作用。 I don't know if there's a way to add that option to Net_SSH, but it should be OpenSSH based, so normally, you should. 我不知道是否有办法将该选项添加到Net_SSH,但是它应该基于OpenSSH,因此通常应该这样做。 Worst case scenario, you can allways run the ssh command via exec, but removing require tty seems to be the best option. 最坏的情况是,您可以始终通过exec运行ssh命令,但是删除require tty似乎是最好的选择。
解决方案2
0 2015-07-05 16:43:46
The phpseclib docs give an example of how to use sudo: phpseclib文档提供了有关如何使用sudo的示例:
<?php
include('Net/SSH2.php');
$ssh = new Net_SSH2('www.domain.tld');
if (!$ssh->login('username', 'password')) {
exit('Login Failed');
}
echo $ssh->read('username@username:~$');
$ssh->write("sudo ls -la\n");
$output = $ssh->read('#[pP]assword[^:]*:|username@username:~\$#', NET_SSH2_READ_REGEX);
echo $output;
if (preg_match('#[pP]assword[^:]*:#', $output)) {
$ssh->write("password\n");
echo $ssh->read('username@username:~$');
}
http://phpseclib.sourceforge.net/ssh/examples.html#sudo http://phpseclib.sourceforge.net/ssh/examples.html#sudo
If you want to try to do it with $ssh->exec (it's not clear what you're doing since you didn't provide the full code in your post) you can do sudo visudo and then add an entry for the username / script that you're wanting to run. 如果您想尝试使用$ssh->exec (由于您未在帖子中提供完整的代码,目前尚不清楚您在做什么),可以执行sudo visudo ,然后为用户名/添加一个条目您要运行的脚本。 eg. 例如。
username ALL=(ALL) NOPASSWD: /path/to/script
Alternatively, you could do this: 或者,您可以这样做:
echo "PASSWORD" | sudo -S /path/to/script
For more information google "sudo in a bash script" 有关更多信息,谷歌“ bash脚本中的sudo”
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.